<?php
session_start();
require_once ('../init.php');
require_once ('includes/lib/func_rightCtrl.php');
require_once ('includes/lib/func_register.php');
// 权限控制
player_rightCtrl();
$uid = $_SESSION['uid'];
echo <<<EOT
<div class="container">
		<link href="/afctf/layui/css/layui.css" rel="stylesheet" type="text/css" media="all"/>
		<link href="/afctf/css/announce.css" rel="stylesheet" type="text/css" media="all"/>
			<form class="layui-form allmain" method='POST' action='/afctf/members/infochange.php?action=info'>
				<blockquote class="layui-elem-quote">修改个人信息</blockquote>
				<div class="layui-form-item" style="margin-top:30px;margin-bottom:30px">
					<label class="layui-form-label">昵称</label>
					<div class="layui-input-block">
						<input name="user_nickname" type="text" placeholder="请输入你想要修改的昵称" autocomplete="off" class="layui-input" maxlength="14">
					</div>
				</div>
				<div class="layui-form-item" style="margin-top:30px;margin-bottom:30px">
					<label class="layui-form-label">邮箱</label>
					<div class="layui-input-block">
						<input name="user_email" type="text" placeholder="请输入你想要修改的邮箱" autocomplete="off" class="layui-input" maxlength="50">
					</div>
				</div>				
				<div style="text-align:center;margin-left:auto; margin-right:auto;margin-bottom:25px">
		            <input class="submit layui-btn" type="submit"  value="提交">
		        </div>
			</form>
			<form class="layui-form allmain" method='POST' action='/afctf/members/infochange.php?action=pw'>
				<blockquote class="layui-elem-quote">修改个人密码</blockquote>
				<div class="layui-form-item" style="margin-top:30px;margin-bottom:30px">
					<label class="layui-form-label">旧密码</label>
					<div class="layui-input-block">
						<input name="oldpasswd" type="password" required  lay-verify="required" placeholder="请输入你的旧密码" autocomplete="off" class="layui-input" maxlength="16">
					</div>
				</div>
				<div class="layui-form-item" style="margin-top:30px;margin-bottom:30px">
					<label class="layui-form-label">新密码</label>
					<div class="layui-input-block">
						<input name="newpasswd1" type="password" required  lay-verify="required" placeholder="请输入你的新密码" autocomplete="off" class="layui-input" maxlength="16">
					</div>
				</div>
				<div class="layui-form-item" style="margin-top:30px;margin-bottom:30px">
					<label class="layui-form-label">新密码</label>
					<div class="layui-input-block">
						<input name="newpasswd2" type="password" required  lay-verify="required" placeholder="请再次输入你的新密码" autocomplete="off" class="layui-input" maxlength="16">
					</div>
				</div>
				<div class="layui-form-item" style="margin-top:30px;margin-bottom:30px">
					<label class="layui-form-label">验证码</label>
					<div class="layui-input-block">
						<input name="verify" type="text" required  lay-verify="required" placeholder="请输入验证码" autocomplete="off" class="layui-input" style="width:75%;float:left" maxlength="5">
                        <img id="checkcode-img" src="/afctf/includes/lib/checkcode.php" style="width:25%" onclick="this.src='/afctf/includes/lib/checkcode.php?action=refresh'"/>
                    </div>
				</div>
				<div style="text-align:center;margin-left:auto; margin-right:auto;margin-bottom:25px">
		            <input class="submit layui-btn" type="submit"  value="提交">
		        </div>
			</form>
		</div>
EOT;
if(@$_GET['action'] == 'info'){
	if($_POST['user_nickname'] != NULL){
		$user_nickname = $_POST['user_nickname'];
		// 检查昵称字符
	    if (!check_nickname($user_nickname)){
	        msg_display('昵称只能由汉字、英文、数字和 !@#￥%^&*()._ 组成','error','#');
	    }
	    // 检查昵称长度
	    if (!check_strlength($user_nickname,14)){
	        msg_display('昵称长度最多为14位','error','#');
	    }
		$update = "UPDATE `user` SET `nickname` = :nickname WHERE `uid` = :uid";
		$sth_update = $dbh -> prepare($update);
		$sth_update -> bindParam(":nickname",$user_nickname);
		$sth_update -> bindParam(":uid",$uid);
		try {
			$sth_update -> execute();
		}catch (Exception $e) {
	        msg_display('该昵称已被注册','error','#');
	    }

	}
	if($_POST['user_email'] != NULL){
		$user_email = $_POST['user_email'];
		// 检查邮箱长度
	    if (!check_strlength($user_email,50)){
	        msg_display('邮箱长度超出范围','error','#');
	    }
		//  检查邮箱地址
	    if (!valid_email($user_email)){
	        msg_display('邮件格式错误','error','#');
	    }
		$update = "UPDATE `user` SET `email` = :email WHERE `uid` = :uid";
		$sth_update = $dbh -> prepare($update);
		$sth_update -> bindParam(":email",$user_email);
		$sth_update -> bindParam(":uid",$uid);
		try {
			$sth_update -> execute();
		}catch (Exception $e) {
	        msg_display('该邮箱已被注册','error','#');
	    }
	}
	if(!isset($user_nickname) && !isset($user_email)){
		msg_display('提交的表单为空','error','#');
	}
	else{
		msg_display('个人信息修改成功','success','#');	
}
}
if(@$_GET['action'] == 'pw'){
	$oldpasswd = $_POST['oldpasswd'];
	$newpasswd1 = $_POST['newpasswd1'];
	$newpasswd2 = $_POST['newpasswd2'];
	$verify 	= $_POST['verify'];
	$code = $_SESSION['code'];
    // 使用完验证码之后清除
    unset($_SESSION['code']);
	// 检查验证码是否正确
    if(strnatcasecmp($verify,$code)){
        msg_display('验证码错误','error','#');
    }
	// 检查密码
    $passwdStatus = check_password($newpasswd1,$newpasswd2);
    if ($passwdStatus === 2){
        msg_display('两次填写的密码不一致','error','#');
    }elseif ($passwdStatus === 3) {
        msg_display('密码的长度需要在6~16之间','error','#');
    }elseif ($passwdStatus === 4) {
        msg_display('密码只能使用英文字母数字以及!@#$%^&*()_等字符','error','#');
    }
	// 校验旧密码是否正确
	$oldpw_query   = "SELECT `salt`,`passwd_hash` FROM `user` WHERE `uid` = :uid";
	$sth_oldpw     = $dbh->prepare($oldpw_query);
	$sth_oldpw -> bindParam(":uid",$uid);
	$sth_oldpw -> execute();
	$result        = $sth_oldpw -> fetch();

    $db_salt = $result['salt'];
    $db_hash = $result['passwd_hash']; 
    // 对用户提交的旧密码作处理
	$password_hash = hash('sha256',$oldpasswd.$db_salt);
	if($password_hash === $db_hash){
		// 校验正确，更新密码
		$salt = getrandstr(32);
		$hashpassword = hash('sha256',$newpasswd1.$salt);
		$pw_update = "UPDATE `user` SET `salt` = :salt,`passwd_hash` = :hashpassword WHERE `uid` = :uid";
		$sth_pwupdate = $dbh->prepare($pw_update);
		$sth_pwupdate ->bindParam(":salt",$salt);
		$sth_pwupdate ->bindParam(":hashpassword",$hashpassword);
		$sth_pwupdate ->bindParam(":uid",$uid);
		try {
			$sth_pwupdate ->execute();
		}catch (Exception $e) {
	        msg_display('错误代码333，请联系管理员','error','#');
	    }
		msg_display('修改密码成功','success','#');
	}
	else{
		msg_display('旧密码错误，请重新输入','error','#');
	}
}
?>